An attacker who successfully exploits this vulnerability may be able to cause a denial-of-service condition in the affected devices or possibly execute arbitrary code.

Siemens is a multinational company headquartered in Munich, Germany.

Siemens ROX-based devices connect devices that operate in harsh environments such as electric utility substations and traffic control cabinets.

RUGGEDCOM APE is a utility-grade computing platform that plugs directly into any member of the RUGGEDCOM RX1500 family and makes it possible to run third-party software applications without an external industrial PC.

The affected devices are deployed worldwide across several sectors, including chemical, communications, critical manufacturing, dams, energy, food and agriculture, government facilities, healthcare and public health, transportation systems, and water and wastewater systems.

Siemens provides updates for the following products and encourages customers to update their products:

Siemens recommends applying the following mitigations until patches are available for SCALANCE M-800/S615:
• Disable use of DNS on affected devices if possible.
• Use trusted DNS servers, trusted networks/providers, and known trusted DNS domains in device configuration.
Or
• Limit the size of DNS responses to 512 bytes for UDP messages and 1024 bytes for TCP messages at the network border.
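
The size limits in the last mitigation, as an added example (not code from Siemens or the original advisory): it classifies captured DNS payloads against the 512-byte UDP and 1024-byte TCP limits. It assumes the limits apply to the DNS message itself; the function names and sample messages are constructed for illustration.

```python
import struct

UDP_LIMIT = 512    # bytes, UDP limit from the mitigation
TCP_LIMIT = 1024   # bytes, TCP limit from the mitigation

def is_response(msg: bytes) -> bool:
    # DNS header is 12 bytes; QR (response) is the top bit of byte 2.
    return len(msg) >= 12 and bool(msg[2] & 0x80)

def tcp_messages(stream: bytes):
    # DNS over TCP prefixes every message with a 2-byte big-endian length.
    off = 0
    while off + 2 <= len(stream):
        (declared,) = struct.unpack_from("!H", stream, off)
        yield declared, stream[off + 2: off + 2 + declared]
        off += 2 + declared

def check(transport: str, payload: bytes):
    """Return [(verdict, size)] for each DNS message in the payload."""
    if transport == "udp":
        msgs, limit = [(len(payload), payload)], UDP_LIMIT
    elif transport == "tcp":
        msgs, limit = list(tcp_messages(payload)), TCP_LIMIT
    else:
        raise ValueError("transport must be 'udp' or 'tcp'")
    # Judge TCP by the declared length so an oversized response is
    # flagged before the whole message has arrived.
    return [("drop" if is_response(m) and size > limit else "allow", size)
            for size, m in msgs]

def make_msg(size: int, response: bool = True) -> bytes:
    # Constructed sample: valid 12-byte header, zero padding up to size.
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0).ljust(size, b"\0")

def frame(msg: bytes) -> bytes:
    # Add the TCP length prefix to a constructed message.
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    print(check("udp", make_msg(513)))
    print(check("tcp", frame(make_msg(1024)) + frame(make_msg(1025))))
```

Queries are left alone because the mitigation limits responses only; the TCP input is expected to be a reassembled byte stream.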

As a general security measure, Siemens recommends protecting network access to non-perimeter devices with appropriate mechanisms.